You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ti...@apache.org on 2017/02/23 02:38:02 UTC
[2/2] mesos git commit: Added regression test against fetcher SSL
spillover.
Added regression test against fetcher SSL spillover.
Review: https://reviews.apache.org/r/56771/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/209f8e7f
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/209f8e7f
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/209f8e7f
Branch: refs/heads/master
Commit: 209f8e7fd1c9da1140976748f85d05a426848e0e
Parents: 916a43e
Author: Till Toenshoff <to...@me.com>
Authored: Thu Feb 23 01:53:50 2017 +0100
Committer: Till Toenshoff <to...@me.com>
Committed: Thu Feb 23 01:53:50 2017 +0100
----------------------------------------------------------------------
src/tests/fetcher_tests.cpp | 61 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/209f8e7f/src/tests/fetcher_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/fetcher_tests.cpp b/src/tests/fetcher_tests.cpp
index 9c7e8b9..c4854b9 100644
--- a/src/tests/fetcher_tests.cpp
+++ b/src/tests/fetcher_tests.cpp
@@ -1088,6 +1088,67 @@ TEST_F(FetcherTest, HdfsURI)
}
#endif // __WINDOWS__
+
+// Regression test against unwanted environment inheritance from the
+// agent towards the fetcher. By supplying an invalid SSL setup, we
+// force the fetcher to fail if the parent process does not filter
+// them out.
+TEST_F_TEMP_DISABLED_ON_WINDOWS(FetcherTest, SSLEnvironmentSpillover)
+{
+ // Patch some critical libprocess environment variables into the
+ // parent process of the mesos-fetcher. We expect this test to fail
+ // when the code path triggered does not filter them.
+ char* enabled = getenv("LIBPROCESS_SSL_ENABLED");
+ char* key = getenv("LIBPROCESS_SSL_KEY_FILE");
+
+ os::setenv("LIBPROCESS_SSL_ENABLED", "true");
+ os::unsetenv("LIBPROCESS_SSL_KEY_FILE");
+
+ // First construct a temporary file that can be fetched and archived with
+ // gzip.
+ Try<string> dir = os::mkdtemp(path::join(os::getcwd(), "XXXXXX"));
+ ASSERT_SOME(dir);
+
+ Try<string> path = os::mktemp(path::join(dir.get(), "XXXXXX"));
+ ASSERT_SOME(path);
+
+ ASSERT_SOME(os::write(path.get(), "hello world"));
+ ASSERT_SOME(os::shell("gzip " + path.get()));
+
+ ContainerID containerId;
+ containerId.set_value(UUID::random().toString());
+
+ CommandInfo commandInfo;
+ CommandInfo::URI* uri = commandInfo.add_uris();
+ uri->set_value(path.get() + ".gz");
+ uri->set_extract(true);
+
+ slave::Flags flags;
+ flags.launcher_dir = getLauncherDir();
+
+ Fetcher fetcher;
+ SlaveID slaveId;
+
+ Future<Nothing> fetch = fetcher.fetch(
+ containerId, commandInfo, os::getcwd(), None(), slaveId, flags);
+
+ // The mesos-fetcher runnable will fail initializing libprocess if
+ // the SSL environment spilled over. Such failure would cause it to
+ // abort and exit and that in turn would fail the `fetch` returned
+ // future.
+ AWAIT_READY(fetch);
+
+ if (enabled != nullptr) {
+ os::setenv("LIBPROCESS_SSL_ENABLED", enabled);
+ } else {
+ os::unsetenv("LIBPROCESS_SSL_ENABLED");
+ }
+
+ if (key != nullptr) {
+ os::setenv("LIBPROCESS_SSL_KEY_FILE", key);
+ }
+}
+
} // namespace tests {
} // namespace internal {
} // namespace mesos {